suricata
util-profiling-rules.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2012 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Endace Technology Limited.
22  * \author Victor Julien <victor@inliniac.net>
23  *
24  * An API for rule profiling operations.
25  */
26 
27 #include "suricata-common.h"
28 #include "util-profiling.h"
29 
30 #ifdef PROFILING
31 #include "util-byte.h"
32 #include "util-conf.h"
33 #include "util-time.h"
34 
35 /**
36  * Extra data for rule profiling.
37  */
38 typedef struct SCProfileData_ {
39  uint32_t sid;
40  uint32_t gid;
41  uint32_t rev;
42  uint64_t checks;
43  uint64_t matches;
44  uint64_t max;
45  uint64_t ticks_match;
46  uint64_t ticks_no_match;
48 
49 typedef struct SCProfileDetectCtx_ {
50  uint32_t size;
51  uint16_t id;
53  pthread_mutex_t data_m;
55 
56 /**
57  * Used for generating the summary data to print.
58  */
59 typedef struct SCProfileSummary_ {
60  uint32_t sid;
61  uint32_t gid;
62  uint32_t rev;
63  uint64_t ticks;
64  double avgticks;
67  uint64_t checks;
68  uint64_t matches;
69  uint64_t max;
70  uint64_t ticks_match;
71  uint64_t ticks_no_match;
73 
74 extern int profiling_output_to_file;
76 static char profiling_file_name[PATH_MAX] = "";
77 static const char *profiling_file_mode = "a";
78 static int profiling_rule_json = 0;
79 
80 /**
81  * Sort orders for dumping profiled rules.
82  */
83 enum {
91 };
92 
93 static int profiling_rules_sort_orders[8] = {
101  -1 };
102 
103 /**
104  * Maximum number of rules to dump.
105  */
106 static uint32_t profiling_rules_limit = UINT32_MAX;
107 
109 {
110 #define SET_ONE(x) { \
111  profiling_rules_sort_orders[0] = (x); \
112  profiling_rules_sort_orders[1] = -1; \
113  }
114 
115  ConfNode *conf;
116  const char *val;
117 
118  conf = ConfGetNode("profiling.rules");
119  if (conf != NULL) {
120  if (ConfNodeChildValueIsTrue(conf, "enabled")) {
122 
123  val = ConfNodeLookupChildValue(conf, "sort");
124  if (val != NULL) {
125  if (strcmp(val, "ticks") == 0) {
127  }
128  else if (strcmp(val, "avgticks") == 0) {
130  }
131  else if (strcmp(val, "avgticks_match") == 0) {
133  }
134  else if (strcmp(val, "avgticks_no_match") == 0) {
136  }
137  else if (strcmp(val, "checks") == 0) {
139  }
140  else if (strcmp(val, "matches") == 0) {
142  }
143  else if (strcmp(val, "maxticks") == 0) {
145  }
146  else {
147  SCLogError("Invalid profiling sort order: %s", val);
148  exit(EXIT_FAILURE);
149  }
150  }
151 
152  val = ConfNodeLookupChildValue(conf, "limit");
153  if (val != NULL) {
154  if (StringParseUint32(&profiling_rules_limit, 10,
155  (uint16_t)strlen(val), val) <= 0) {
156  SCLogError("Invalid limit: %s", val);
157  exit(EXIT_FAILURE);
158  }
159  }
160  const char *filename = ConfNodeLookupChildValue(conf, "filename");
161  if (filename != NULL) {
162 
163  const char *log_dir;
164  log_dir = ConfigGetLogDirectory();
165 
166  snprintf(profiling_file_name, sizeof(profiling_file_name),
167  "%s/%s", log_dir, filename);
168 
169  const char *v = ConfNodeLookupChildValue(conf, "append");
170  if (v == NULL || ConfValIsTrue(v)) {
171  profiling_file_mode = "a";
172  } else {
173  profiling_file_mode = "w";
174  }
175 
177  }
178  if (ConfNodeChildValueIsTrue(conf, "json")) {
179  profiling_rule_json = 1;
180  }
181  }
182  }
183 #undef SET_ONE
184 }
185 
186 /**
187  * \brief Qsort comparison function to sort by ticks.
188  */
189 static int
190 SCProfileSummarySortByTicks(const void *a, const void *b)
191 {
192  const SCProfileSummary *s0 = a;
193  const SCProfileSummary *s1 = b;
194  if (s1->ticks == s0->ticks)
195  return 0;
196  else
197  return s0->ticks > s1->ticks ? -1 : 1;
198 }
199 
200 /**
201  * \brief Qsort comparison function to sort by average ticks per match.
202  */
203 static int
204 SCProfileSummarySortByAvgTicksMatch(const void *a, const void *b)
205 {
206  const SCProfileSummary *s0 = a;
207  const SCProfileSummary *s1 = b;
208  if (s1->avgticks_match == s0->avgticks_match)
209  return 0;
210  else
211  return s0->avgticks_match > s1->avgticks_match ? -1 : 1;
212 }
213 
214 /**
215  * \brief Qsort comparison function to sort by average ticks per non match.
216  */
217 static int
218 SCProfileSummarySortByAvgTicksNoMatch(const void *a, const void *b)
219 {
220  const SCProfileSummary *s0 = a;
221  const SCProfileSummary *s1 = b;
222  if (s1->avgticks_no_match == s0->avgticks_no_match)
223  return 0;
224  else
225  return s0->avgticks_no_match > s1->avgticks_no_match ? -1 : 1;
226 }
227 
228 /**
229  * \brief Qsort comparison function to sort by average ticks.
230  */
231 static int
232 SCProfileSummarySortByAvgTicks(const void *a, const void *b)
233 {
234  const SCProfileSummary *s0 = a;
235  const SCProfileSummary *s1 = b;
236  if (s1->avgticks == s0->avgticks)
237  return 0;
238  else
239  return s0->avgticks > s1->avgticks ? -1 : 1;
240 }
241 
242 /**
243  * \brief Qsort comparison function to sort by checks.
244  */
245 static int
246 SCProfileSummarySortByChecks(const void *a, const void *b)
247 {
248  const SCProfileSummary *s0 = a;
249  const SCProfileSummary *s1 = b;
250  if (s1->checks == s0->checks)
251  return 0;
252  else
253  return s0->checks > s1->checks ? -1 : 1;
254 }
255 
256 /**
257  * \brief Qsort comparison function to sort by matches.
258  */
259 static int
260 SCProfileSummarySortByMatches(const void *a, const void *b)
261 {
262  const SCProfileSummary *s0 = a;
263  const SCProfileSummary *s1 = b;
264  if (s1->matches == s0->matches)
265  return 0;
266  else
267  return s0->matches > s1->matches ? -1 : 1;
268 }
269 
270 /**
271  * \brief Qsort comparison function to sort by max ticks.
272  */
273 static int
274 SCProfileSummarySortByMaxTicks(const void *a, const void *b)
275 {
276  const SCProfileSummary *s0 = a;
277  const SCProfileSummary *s1 = b;
278  if (s1->max == s0->max)
279  return 0;
280  else
281  return s0->max > s1->max ? -1 : 1;
282 }
283 
284 static void DumpJson(FILE *fp, SCProfileSummary *summary,
285  uint32_t count, uint64_t total_ticks,
286  const char *sort_desc)
287 {
288  char timebuf[64];
289  uint32_t i;
290  struct timeval tval;
291 
292  json_t *js = json_object();
293  if (js == NULL)
294  return;
295  json_t *jsa = json_array();
296  if (jsa == NULL) {
297  json_decref(js);
298  return;
299  }
300 
301  gettimeofday(&tval, NULL);
302  CreateIsoTimeString(SCTIME_FROM_TIMEVAL(&tval), timebuf, sizeof(timebuf));
303  json_object_set_new(js, "timestamp", json_string(timebuf));
304  json_object_set_new(js, "sort", json_string(sort_desc));
305 
306  for (i = 0; i < MIN(count, profiling_rules_limit); i++) {
307  /* Stop dumping when we hit our first rule with 0 checks. Due
308  * to sorting this will be the beginning of all the rules with
309  * 0 checks. */
310  if (summary[i].checks == 0)
311  break;
312 
313  json_t *jsm = json_object();
314  if (jsm) {
315  json_object_set_new(jsm, "signature_id", json_integer(summary[i].sid));
316  json_object_set_new(jsm, "gid", json_integer(summary[i].gid));
317  json_object_set_new(jsm, "rev", json_integer(summary[i].rev));
318 
319  json_object_set_new(jsm, "checks", json_integer(summary[i].checks));
320  json_object_set_new(jsm, "matches", json_integer(summary[i].matches));
321 
322  json_object_set_new(jsm, "ticks_total", json_integer(summary[i].ticks));
323  json_object_set_new(jsm, "ticks_max", json_integer(summary[i].max));
324  json_object_set_new(jsm, "ticks_avg", json_integer(summary[i].avgticks));
325  json_object_set_new(jsm, "ticks_avg_match", json_integer(summary[i].avgticks_match));
326  json_object_set_new(jsm, "ticks_avg_nomatch", json_integer(summary[i].avgticks_no_match));
327 
328  double percent = (long double)summary[i].ticks /
329  (long double)total_ticks * 100;
330  json_object_set_new(jsm, "percent", json_integer(percent));
331  json_array_append_new(jsa, jsm);
332  }
333  }
334  json_object_set_new(js, "rules", jsa);
335 
336  char *js_s = json_dumps(js,
337  JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII|
339 
340  if (unlikely(js_s == NULL))
341  return;
342  fprintf(fp, "%s\n", js_s);
343  free(js_s);
344  json_decref(js);
345 }
346 
347 static void DumpText(FILE *fp, SCProfileSummary *summary,
348  uint32_t count, uint64_t total_ticks,
349  const char *sort_desc)
350 {
351  uint32_t i;
352  struct timeval tval;
353  struct tm *tms;
354  gettimeofday(&tval, NULL);
355  struct tm local_tm;
356  tms = SCLocalTime(tval.tv_sec, &local_tm);
357 
358  fprintf(fp, " ----------------------------------------------"
359  "----------------------------\n");
360  fprintf(fp, " Date: %" PRId32 "/%" PRId32 "/%04d -- "
361  "%02d:%02d:%02d.", tms->tm_mon + 1, tms->tm_mday, tms->tm_year + 1900,
362  tms->tm_hour,tms->tm_min, tms->tm_sec);
363  fprintf(fp, " Sorted by: %s.\n", sort_desc);
364  fprintf(fp, " ----------------------------------------------"
365  "----------------------------\n");
366  fprintf(fp, " %-8s %-12s %-8s %-8s %-12s %-6s %-8s %-8s %-11s %-11s %-11s %-11s\n", "Num", "Rule", "Gid", "Rev", "Ticks", "%", "Checks", "Matches", "Max Ticks", "Avg Ticks", "Avg Match", "Avg No Match");
367  fprintf(fp, " -------- "
368  "------------ "
369  "-------- "
370  "-------- "
371  "------------ "
372  "------ "
373  "-------- "
374  "-------- "
375  "----------- "
376  "----------- "
377  "----------- "
378  "-------------- "
379  "\n");
380  for (i = 0; i < MIN(count, profiling_rules_limit); i++) {
381 
382  /* Stop dumping when we hit our first rule with 0 checks. Due
383  * to sorting this will be the beginning of all the rules with
384  * 0 checks. */
385  if (summary[i].checks == 0)
386  break;
387 
388  double percent = (long double)summary[i].ticks /
389  (long double)total_ticks * 100;
390  fprintf(fp,
391  " %-8"PRIu32" %-12u %-8"PRIu32" %-8"PRIu32" %-12"PRIu64" %-6.2f %-8"PRIu64" %-8"PRIu64" %-11"PRIu64" %-11.2f %-11.2f %-11.2f\n",
392  i + 1,
393  summary[i].sid,
394  summary[i].gid,
395  summary[i].rev,
396  summary[i].ticks,
397  percent,
398  summary[i].checks,
399  summary[i].matches,
400  summary[i].max,
401  summary[i].avgticks,
402  summary[i].avgticks_match,
403  summary[i].avgticks_no_match);
404  }
405 
406  fprintf(fp,"\n");
407 }
408 
409 /**
410  * \brief Dump rule profiling information to file
411  *
412  * \param de_ctx The active DetectEngineCtx, used to get at the loaded rules.
413  */
414 static void
415 SCProfilingRuleDump(SCProfileDetectCtx *rules_ctx)
416 {
417  uint32_t i;
418  FILE *fp;
419 
420  if (rules_ctx == NULL)
421  return;
422 
423  if (profiling_output_to_file == 1) {
424  fp = fopen(profiling_file_name, profiling_file_mode);
425 
426  if (fp == NULL) {
427  SCLogError("failed to open %s: %s", profiling_file_name, strerror(errno));
428  return;
429  }
430  } else {
431  fp = stdout;
432  }
433 
434  int summary_size = sizeof(SCProfileSummary) * rules_ctx->size;
435  SCProfileSummary *summary = SCMalloc(summary_size);
436  if (unlikely(summary == NULL)) {
437  SCLogError("Error allocating memory for profiling summary");
438  return;
439  }
440 
441  uint32_t count = rules_ctx->size;
442  uint64_t total_ticks = 0;
443 
444  SCLogPerf("Dumping profiling data for %u rules.", count);
445 
446  memset(summary, 0, summary_size);
447  for (i = 0; i < count; i++) {
448  summary[i].sid = rules_ctx->data[i].sid;
449  summary[i].rev = rules_ctx->data[i].rev;
450  summary[i].gid = rules_ctx->data[i].gid;
451 
452  summary[i].ticks = rules_ctx->data[i].ticks_match + rules_ctx->data[i].ticks_no_match;
453  summary[i].checks = rules_ctx->data[i].checks;
454 
455  if (summary[i].ticks > 0) {
456  summary[i].avgticks = (long double)summary[i].ticks / (long double)summary[i].checks;
457  }
458 
459  summary[i].matches = rules_ctx->data[i].matches;
460  summary[i].max = rules_ctx->data[i].max;
461  summary[i].ticks_match = rules_ctx->data[i].ticks_match;
462  summary[i].ticks_no_match = rules_ctx->data[i].ticks_no_match;
463  if (summary[i].ticks_match > 0) {
464  summary[i].avgticks_match = (long double)summary[i].ticks_match /
465  (long double)summary[i].matches;
466  }
467 
468  if (summary[i].ticks_no_match > 0) {
469  summary[i].avgticks_no_match = (long double)summary[i].ticks_no_match /
470  ((long double)summary[i].checks - (long double)summary[i].matches);
471  }
472  total_ticks += summary[i].ticks;
473  }
474 
475  int *order = profiling_rules_sort_orders;
476  while (*order != -1) {
477  const char *sort_desc = NULL;
478  switch (*order) {
480  qsort(summary, count, sizeof(SCProfileSummary),
481  SCProfileSummarySortByTicks);
482  sort_desc = "ticks";
483  break;
485  qsort(summary, count, sizeof(SCProfileSummary),
486  SCProfileSummarySortByAvgTicks);
487  sort_desc = "average ticks";
488  break;
490  qsort(summary, count, sizeof(SCProfileSummary),
491  SCProfileSummarySortByChecks);
492  sort_desc = "number of checks";
493  break;
495  qsort(summary, count, sizeof(SCProfileSummary),
496  SCProfileSummarySortByMatches);
497  sort_desc = "number of matches";
498  break;
500  qsort(summary, count, sizeof(SCProfileSummary),
501  SCProfileSummarySortByMaxTicks);
502  sort_desc = "max ticks";
503  break;
505  qsort(summary, count, sizeof(SCProfileSummary),
506  SCProfileSummarySortByAvgTicksMatch);
507  sort_desc = "average ticks (match)";
508  break;
510  qsort(summary, count, sizeof(SCProfileSummary),
511  SCProfileSummarySortByAvgTicksNoMatch);
512  sort_desc = "average ticks (no match)";
513  break;
514  }
515  if (profiling_rule_json) {
516  DumpJson(fp, summary, count, total_ticks, sort_desc);
517  } else {
518  DumpText(fp, summary, count, total_ticks, sort_desc);
519  }
520  order++;
521  }
522 
523  if (fp != stdout)
524  fclose(fp);
525  SCFree(summary);
526  SCLogPerf("Done dumping profiling data.");
527 }
528 
529 /**
530  * \brief Register a rule profiling counter.
531  *
532  * \retval Returns the ID of the counter on success, 0 on failure.
533  */
534 static uint16_t
535 SCProfilingRegisterRuleCounter(SCProfileDetectCtx *ctx)
536 {
537  ctx->size++;
538  return ctx->id++;
539 }
540 
541 /**
542  * \brief Update a rule counter.
543  *
544  * \param id The ID of this counter.
545  * \param ticks Number of CPU ticks for this rule.
546  * \param match Did the rule match?
547  */
548 void
549 SCProfilingRuleUpdateCounter(DetectEngineThreadCtx *det_ctx, uint16_t id, uint64_t ticks, int match)
550 {
551  if (det_ctx != NULL && det_ctx->rule_perf_data != NULL && det_ctx->rule_perf_data_size > id) {
552  SCProfileData *p = &det_ctx->rule_perf_data[id];
553 
554  p->checks++;
555  p->matches += match;
556  if (ticks > p->max)
557  p->max = ticks;
558  if (match == 1)
559  p->ticks_match += ticks;
560  else
561  p->ticks_no_match += ticks;
562  }
563 }
564 
565 static SCProfileDetectCtx *SCProfilingRuleInitCtx(void)
566 {
568  if (ctx != NULL) {
569  memset(ctx, 0x00, sizeof(SCProfileDetectCtx));
570 
571  if (pthread_mutex_init(&ctx->data_m, NULL) != 0) {
572  FatalError("Failed to initialize hash table mutex.");
573  }
574  }
575 
576  return ctx;
577 }
578 
580 {
581  if (ctx != NULL) {
582  SCProfilingRuleDump(ctx);
583  if (ctx->data != NULL)
584  SCFree(ctx->data);
585  pthread_mutex_destroy(&ctx->data_m);
586  SCFree(ctx);
587  }
588 }
589 
591 {
592  if (ctx == NULL|| ctx->size == 0)
593  return;
594 
595  SCProfileData *a = SCMalloc(sizeof(SCProfileData) * ctx->size);
596  if (a != NULL) {
597  memset(a, 0x00, sizeof(SCProfileData) * ctx->size);
598 
599  det_ctx->rule_perf_data = a;
600  det_ctx->rule_perf_data_size = ctx->size;
601  }
602 }
603 
604 static void SCProfilingRuleThreadMerge(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx)
605 {
606  if (de_ctx == NULL || de_ctx->profile_ctx == NULL || de_ctx->profile_ctx->data == NULL ||
607  det_ctx == NULL || det_ctx->rule_perf_data == NULL)
608  return;
609 
610  int i;
611  for (i = 0; i < det_ctx->rule_perf_data_size; i++) {
612  de_ctx->profile_ctx->data[i].checks += det_ctx->rule_perf_data[i].checks;
613  de_ctx->profile_ctx->data[i].matches += det_ctx->rule_perf_data[i].matches;
616  if (det_ctx->rule_perf_data[i].max > de_ctx->profile_ctx->data[i].max)
617  de_ctx->profile_ctx->data[i].max = det_ctx->rule_perf_data[i].max;
618  }
619 }
620 
622 {
623  if (det_ctx == NULL || det_ctx->de_ctx == NULL || det_ctx->rule_perf_data == NULL)
624  return;
625 
626  pthread_mutex_lock(&det_ctx->de_ctx->profile_ctx->data_m);
627  SCProfilingRuleThreadMerge(det_ctx->de_ctx, det_ctx);
628  pthread_mutex_unlock(&det_ctx->de_ctx->profile_ctx->data_m);
629 
630  SCFree(det_ctx->rule_perf_data);
631  det_ctx->rule_perf_data = NULL;
632  det_ctx->rule_perf_data_size = 0;
633 }
634 
635 /**
636  * \brief Register the rule profiling counters.
637  *
638  * \param de_ctx The active DetectEngineCtx, used to get at the loaded rules.
639  */
640 void
642 {
643  if (profiling_rules_enabled == 0)
644  return;
645 
646  de_ctx->profile_ctx = SCProfilingRuleInitCtx();
647  BUG_ON(de_ctx->profile_ctx == NULL);
648 
649  Signature *sig = de_ctx->sig_list;
650  uint32_t count = 0;
651  while (sig != NULL) {
652  sig->profiling_id = SCProfilingRegisterRuleCounter(de_ctx->profile_ctx);
653  sig = sig->next;
654  count++;
655  }
656 
657  if (count > 0) {
659  BUG_ON(de_ctx->profile_ctx->data == NULL);
660  memset(de_ctx->profile_ctx->data, 0x00, sizeof(SCProfileData) * de_ctx->profile_ctx->size);
661 
662  sig = de_ctx->sig_list;
663  while (sig != NULL) {
664  de_ctx->profile_ctx->data[sig->profiling_id].sid = sig->id;
665  de_ctx->profile_ctx->data[sig->profiling_id].gid = sig->gid;
666  de_ctx->profile_ctx->data[sig->profiling_id].rev = sig->rev;
667  sig = sig->next;
668  }
669  }
670 
671  SCLogPerf("Registered %"PRIu32" rule profiling counters.", count);
672 }
673 
674 #endif /* PROFILING */
675 
util-byte.h
profiling_rules_enabled
int profiling_rules_enabled
Definition: util-profiling-rules.c:75
ConfNodeChildValueIsTrue
int ConfNodeChildValueIsTrue(const ConfNode *node, const char *key)
Test if a configuration node has a true value.
Definition: conf.c:858
SCProfileSummary
struct SCProfileSummary_ SCProfileSummary
SCProfileSummary_::ticks_no_match
uint64_t ticks_no_match
Definition: util-profiling-rules.c:71
SC_PROFILING_RULES_SORT_BY_AVG_TICKS
@ SC_PROFILING_RULES_SORT_BY_AVG_TICKS
Definition: util-profiling-rules.c:85
CreateIsoTimeString
void CreateIsoTimeString(const SCTime_t ts, char *str, size_t size)
Definition: util-time.c:209
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
SCProfileSummary_::matches
uint64_t matches
Definition: util-profiling-rules.c:68
ConfGetNode
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:181
SCProfileData_::rev
uint32_t rev
Definition: util-profiling-rules.c:41
SCProfilingRuleUpdateCounter
void SCProfilingRuleUpdateCounter(DetectEngineThreadCtx *det_ctx, uint16_t id, uint64_t ticks, int match)
Update a rule counter.
Definition: util-profiling-rules.c:549
SCProfileSummary_::rev
uint32_t rev
Definition: util-profiling-rules.c:62
SCProfileData_::gid
uint32_t gid
Definition: util-profiling-rules.c:40
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:787
SET_ONE
#define SET_ONE(x)
SCProfileSummary_::ticks
uint64_t ticks
Definition: util-profiling-rules.c:63
SCProfileSummary_
Definition: util-profiling-rules.c:59
SCProfilingRuleInitCounters
void SCProfilingRuleInitCounters(DetectEngineCtx *de_ctx)
Register the rule profiling counters.
Definition: util-profiling-rules.c:641
MIN
#define MIN(x, y)
Definition: suricata-common.h:380
SC_PROFILING_RULES_SORT_BY_MAX_TICKS
@ SC_PROFILING_RULES_SORT_BY_MAX_TICKS
Definition: util-profiling-rules.c:88
JSON_ESCAPE_SLASH
#define JSON_ESCAPE_SLASH
Definition: suricata-common.h:270
Signature_::profiling_id
uint16_t profiling_id
Definition: detect.h:585
SCProfileDetectCtx_::id
uint16_t id
Definition: util-profiling-rules.c:51
SCProfileDetectCtx_::data
SCProfileData * data
Definition: util-profiling-rules.c:52
ConfValIsTrue
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:536
SCProfileData_::matches
uint64_t matches
Definition: util-profiling-rules.c:43
Signature_::gid
uint32_t gid
Definition: detect.h:577
Signature_::next
struct Signature_ * next
Definition: detect.h:616
SCProfileData_::checks
uint64_t checks
Definition: util-profiling-rules.c:42
SCProfileDetectCtx_::data_m
pthread_mutex_t data_m
Definition: util-profiling-rules.c:53
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
DetectEngineThreadCtx_
Definition: detect.h:1027
SCProfileSummary_::sid
uint32_t sid
Definition: util-profiling-rules.c:60
SC_PROFILING_RULES_SORT_BY_CHECKS
@ SC_PROFILING_RULES_SORT_BY_CHECKS
Definition: util-profiling-rules.c:86
SCTIME_FROM_TIMEVAL
#define SCTIME_FROM_TIMEVAL(tv)
Definition: util-time.h:71
StringParseUint32
int StringParseUint32(uint32_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:313
util-time.h
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:289
util-profiling.h
DetectEngineCtx_::profile_ctx
struct SCProfileDetectCtx_ * profile_ctx
Definition: detect.h:910
SCLocalTime
struct tm * SCLocalTime(time_t timep, struct tm *result)
Definition: util-time.c:267
DetectEngineThreadCtx_::rule_perf_data_size
int rule_perf_data_size
Definition: detect.h:1189
SCProfilingRuleThreadCleanup
void SCProfilingRuleThreadCleanup(DetectEngineThreadCtx *det_ctx)
Definition: util-profiling-rules.c:621
SCProfileSummary_::avgticks_match
double avgticks_match
Definition: util-profiling-rules.c:65
SCProfileData_
Definition: util-profiling-rules.c:38
profiling_output_to_file
int profiling_output_to_file
Definition: util-profiling.c:97
SC_PROFILING_RULES_SORT_BY_AVG_TICKS_MATCH
@ SC_PROFILING_RULES_SORT_BY_AVG_TICKS_MATCH
Definition: util-profiling-rules.c:89
DetectEngineThreadCtx_::rule_perf_data
struct SCProfileData_ * rule_perf_data
Definition: detect.h:1188
SCProfileData_::max
uint64_t max
Definition: util-profiling-rules.c:44
SC_PROFILING_RULES_SORT_BY_TICKS
@ SC_PROFILING_RULES_SORT_BY_TICKS
Definition: util-profiling-rules.c:84
SC_PROFILING_RULES_SORT_BY_AVG_TICKS_NO_MATCH
@ SC_PROFILING_RULES_SORT_BY_AVG_TICKS_NO_MATCH
Definition: util-profiling-rules.c:90
util-conf.h
SCProfileSummary_::gid
uint32_t gid
Definition: util-profiling-rules.c:61
suricata-common.h
SCProfileDetectCtx_::size
uint32_t size
Definition: util-profiling-rules.c:50
SCLogPerf
#define SCLogPerf(...)
Definition: util-debug.h:230
SCProfilingRuleDestroyCtx
void SCProfilingRuleDestroyCtx(SCProfileDetectCtx *ctx)
Definition: util-profiling-rules.c:579
Signature_::rev
uint32_t rev
Definition: detect.h:578
SCProfileSummary_::max
uint64_t max
Definition: util-profiling-rules.c:69
FatalError
#define FatalError(...)
Definition: util-debug.h:502
DetectEngineCtx_::sig_list
Signature * sig_list
Definition: detect.h:793
SCProfileData_::sid
uint32_t sid
Definition: util-profiling-rules.c:39
SCProfileSummary_::avgticks_no_match
double avgticks_no_match
Definition: util-profiling-rules.c:66
SCMalloc
#define SCMalloc(sz)
Definition: util-mem.h:47
ConfigGetLogDirectory
const char * ConfigGetLogDirectory(void)
Definition: util-conf.c:37
SCProfileSummary_::ticks_match
uint64_t ticks_match
Definition: util-profiling-rules.c:70
SCProfileSummary_::checks
uint64_t checks
Definition: util-profiling-rules.c:67
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
SCFree
#define SCFree(p)
Definition: util-mem.h:61
ConfNode_
Definition: conf.h:32
Signature_::id
uint32_t id
Definition: detect.h:576
Signature_
Signature container.
Definition: detect.h:542
SCProfileDetectCtx_
Definition: util-profiling-rules.c:49
SCProfileDetectCtx
struct SCProfileDetectCtx_ SCProfileDetectCtx
SCProfilingRulesGlobalInit
void SCProfilingRulesGlobalInit(void)
Definition: util-profiling-rules.c:108
DetectEngineThreadCtx_::de_ctx
DetectEngineCtx * de_ctx
Definition: detect.h:1161
SCProfileData_::ticks_match
uint64_t ticks_match
Definition: util-profiling-rules.c:45
SCProfilingRuleThreadSetup
void SCProfilingRuleThreadSetup(SCProfileDetectCtx *ctx, DetectEngineThreadCtx *det_ctx)
Definition: util-profiling-rules.c:590
SC_PROFILING_RULES_SORT_BY_MATCHES
@ SC_PROFILING_RULES_SORT_BY_MATCHES
Definition: util-profiling-rules.c:87
SCProfileData
struct SCProfileData_ SCProfileData
SCProfileSummary_::avgticks
double avgticks
Definition: util-profiling-rules.c:64
SCProfileData_::ticks_no_match
uint64_t ticks_no_match
Definition: util-profiling-rules.c:46
ConfNodeLookupChildValue
const char * ConfNodeLookupChildValue(const ConfNode *node, const char *name)
Lookup the value of a child configuration node by name.
Definition: conf.c:813